Deckard's System Scanner v20071014.68
Run by uskbxl03 on 2008-07-27 12:26:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
54: 2008-07-27 16:26:38 UTC - RP192 - Deckard's System Scanner Restore Point
53: 2008-07-27 16:00:31 UTC - RP191 - Software Distribution Service 3.0
52: 2008-07-27 01:29:46 UTC - RP190 - Software Distribution Service 3.0
51: 2008-07-26 16:00:25 UTC - RP189 - Software Distribution Service 3.0
50: 2008-07-25 16:00:26 UTC - RP188 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-06-21 14:38:09 UTC - RP139 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as uskbxl03.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28, on 2008-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ccs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Documents and Settings\All Users\Application Data\unohuxan\mxoxapqz.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\RightFax\FaxCtrl.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\onuhqjen.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\uskbxl03\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\uskbxl03.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.kellogg.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.kellogg.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Kellogg Company
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://configscript....ard/INSTALL.INS
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Register OCX] regsvr32.exe /s msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [UtilWinSet] C:\WINDOWS\system32\onuhqjen.exe
O4 - HKCU\..\Run: [cmdcfg] C:\WINDOWS\system32\jqjuvqbc.exe
O4 - HKCU\..\Run: [CfgSmart] C:\WINDOWS\system32\tyterwxc.exe
O4 - HKCU\..\Run: [strshui] C:\WINDOWS\system32\nkzulclq.exe
O4 - HKLM\..\Policies\Explorer\Run: [9F8ATTTXED] C:\Documents and Settings\All Users\Application Data\unohuxan\mxoxapqz.exe
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.books24x7.com
O15 - Trusted Zone: *.confarchives.com
O15 - Trusted Zone: *.conferencing.com
O15 - Trusted Zone: *.ctadvantage.com
O15 - Trusted Zone: *.elementk.com
O15 - Trusted Zone: *.elm-wilke
O15 - Trusted Zone: *.elmsrv025
O15 - Trusted Zone: kelloggs.empowerdata.com
O15 - Trusted Zone: www.genesys.com
O15 - Trusted Zone: *.genesys.com
O15 - Trusted Zone: www.genesysmeetingcenter.com
O15 - Trusted Zone: *.iconf.net
O15 - Trusted Zone: *.us.kellogg.com
O15 - Trusted Zone: *.lbcity.biz
O15 - Trusted Zone: *.newhorizons.com
O15 - Trusted Zone: www.schneiderlogistics.com
O15 - Trusted Zone: *.shareholder.com
O15 - Trusted Zone: *.stcdev008
O15 - Trusted Zone: *.xatanet.net
O15 - Trusted Zone: *.zoomerang.com
O15 - Trusted Zone: *.books24x7.com (HKLM)
O15 - Trusted Zone: *.confarchives.com (HKLM)
O15 - Trusted Zone: *.conferencing.com (HKLM)
O15 - Trusted Zone: *.ctadvantage.com (HKLM)
O15 - Trusted Zone: *.elementk.com (HKLM)
O15 - Trusted Zone: *.elm-wilke (HKLM)
O15 - Trusted Zone: *.elmsrv025 (HKLM)
O15 - Trusted Zone: kelloggs.empowerdata.com (HKLM)
O15 - Trusted Zone: www.genesys.com (HKLM)
O15 - Trusted Zone: *.genesys.com (HKLM)
O15 - Trusted Zone: www.genesysmeetingcenter.com (HKLM)
O15 - Trusted Zone: *.iconf.net (HKLM)
O15 - Trusted Zone: *.us.kellogg.com (HKLM)
O15 - Trusted Zone: *.lbcity.biz (HKLM)
O15 - Trusted Zone: *.newhorizons.com (HKLM)
O15 - Trusted Zone: www.schneiderlogistics.com (HKLM)
O15 - Trusted Zone: *.shareholder.com (HKLM)
O15 - Trusted Zone: *.stcdev008 (HKLM)
O15 - Trusted Zone: *.xatanet.net (HKLM)
O15 - Trusted Zone: *.zoomerang.com (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/sec...nfo/webscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.kellogg.com,kellogg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = us.kellogg.com,kellogg.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.kellogg.com,kellogg.com
O21 - SSODL: UiCom - {4354AA3D-341D-D542-D280-01732E429484} - C:\Program Files\rnzwmhf\UiCom.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Configuration Service (CCS) - Cisco Systems, Inc. - C:\WINDOWS\system32\ccs.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 12567 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADLTScriptFile - shell\open\command - "c:\WINDOWS\system32\notepad.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.1.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.1.0>
R2 MDC80211 (iPass Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc80211.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
S3 PCAM1394 - c:\windows\system32\drivers\pcam1394.sys <Not Verified; PHOTRON Ltd.; Windows ® 2000 DDK driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CCS (Cisco Configuration Service) - c:\windows\system32\ccs.exe <Not Verified; Cisco Systems, Inc.; Cisco Configuration Service (CCS)>
R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>
R2 iPCAgent - c:\program files\ipass\ipassconnect\ipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R2 Wuser32 (SMS Remote Control Agent) - c:\windows\system32\ccm\clicomp\remctrl\wuser32.exe <Not Verified; Microsoft Corporation; Systems Management Server>
S3 ACS (ACU Configuration Service) - c:\windows\system32\acs.exe
S3 iPassConnectEngine - c:\program files\ipass\ipassconnect\ipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
-- Scheduled Tasks -------------------------------------------------------------
2008-07-14 13:24:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-06-08 08:10:04 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2005-06-03 11:23:49 314 --a------ C:\WINDOWS\Tasks\BMMTask.job
-- Files created between 2008-06-27 and 2008-07-27 -----------------------------
6137-61-37 13:76:09 0 d-------- U:\Windows
6137-61-37 13:76:09 0 d-------- U:\usvjxt30
6137-61-37 13:76:09 0 d-------- U:\uskbxl03
6137-61-37 13:76:09 0 d-------- U:\uscrlw08
6137-61-37 13:76:09 131072 -----n--- U:\Uninstal.EXE
6137-61-37 13:76:09 0 d-------- U:\U.P. 06 Pics <UP1E4F~1.06P>
6137-61-37 13:76:09 0 d-------- U:\TIME TRACKING
6137-61-37 13:76:09 0 d-------- U:\Snacks front end
6137-61-37 13:76:09 0 d--hs---- U:\RECYCLER
6137-61-37 13:76:09 0 d-------- U:\Oregen Photos
6137-61-37 13:76:09 0 d-------- U:\Notes_bak
6137-61-37 13:76:09 0 d-------- U:\Notes
6137-61-37 13:76:09 0 d-------- U:\New Folder
6137-61-37 13:76:09 0 dr------- U:\My Videos
6137-61-37 13:76:09 0 d-------- U:\My Pictures
6137-61-37 13:76:09 0 dr------- U:\My Music
6137-61-37 13:76:09 0 d-------- U:\misc
6137-61-37 13:76:09 196638 -----n--- U:\Kellogg_Backup_WKKI.EXE <Not Verified; Microsoft Corporation; Microsoft Systems Management Server Installer>
6137-61-37 13:76:09 0 d-------- U:\front end
6137-61-37 13:76:09 0 d-------- U:\Expenses
6137-61-37 13:76:09 0 d-------- U:\Deckard
6137-61-37 13:76:09 0 d-------- U:\Data
6137-61-37 13:76:09 0 d-------- U:\data mail
6137-61-37 13:76:09 672659 -----n--- U:\cad
6137-61-37 13:76:09 0 d-------- U:\CAD FILES
6137-61-37 13:76:09 165803 -----n--- U:\Backrdir.EXE <Not Verified; Microsoft Corporation; Microsoft Systems Management Server Installer>
6137-61-37 13:76:09 0 d-------- U:\Adobe
2008-07-27 12:28:38 0 d-------- C:\Program Files\Trend Micro
2008-07-26 21:34:06 0 d-------- C:\WINDOWS\LastGood
2008-07-24 22:57:30 0 dr-h----- C:\Documents and Settings\uskbxl03\Recent
2008-07-24 21:12:24 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 21:12:24 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 21:12:24 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 21:12:24 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 21:12:24 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 21:12:24 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 21:12:24 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-24 21:12:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-24 20:53:53 94208 --a------ C:\WINDOWS\system32\nkzulclq.exe
2008-07-23 21:46:18 0 d-------- C:\Documents and Settings\uskbxl03\Application Data\Malwarebytes
2008-07-23 21:46:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 21:46:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 20:55:24 4206 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 20:43:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 20:43:43 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-23 20:43:43 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-23 20:43:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 20:43:43 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-23 20:43:42 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-23 20:43:42 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-21 22:52:08 0 d-------- C:\Program Files\rnzwmhf
2008-07-21 22:52:05 0 d-------- C:\Documents and Settings\All Users\Application Data\unohuxan
2008-07-21 22:52:00 77824 --a------ C:\WINDOWS\system32\onuhqjen.exe
-- Find3M Report ---------------------------------------------------------------
2008-07-12 09:59:24 0 d-------- C:\Documents and Settings\uskbxl03\Application Data\Adobe
2008-06-27 16:00:53 0 d-------- C:\Documents and Settings\uskbxl03\Application Data\U3
2008-05-27 13:35:43 0 d-------- C:\Documents and Settings\uskbxl03\Application Data\MSN6
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-03 20:10]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 13:48]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 13:48]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 04:38]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 04:38]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 04:38]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 04:38]
"TpShocks"="TpShocks.exe" [2005-08-22 22:29 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 05:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 21:02]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-12-30 17:19]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 11:53 C:\WINDOWS\AGRSMMSG.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:56]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2005-07-22 23:18]
"RightFAX Print-to-Fax Driver"="C:\Program Files\RightFax\\FaxCtrl.exe" [2003-09-01 23:32]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2004-12-14 03:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 09:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"UtilWinSet"="C:\WINDOWS\system32\onuhqjen.exe" [2008-07-21 22:52]
"cmdcfg"="C:\WINDOWS\system32\jqjuvqbc.exe" []
"CfgSmart"="C:\WINDOWS\system32\tyterwxc.exe" []
"strshui"="C:\WINDOWS\system32\nkzulclq.exe" [2008-07-24 20:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Register OCX"=regsvr32.exe /s msdxm.ocx
C:\Documents and Settings\uskbxl03\Start Menu\Programs\Startup\
.security [2008-07-23 20:53:24]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
.security [2008-07-23 20:53:24]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2006-02-22 17:45:01]
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 09:18:22]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-03 11:26:13]
VPN Client.lnk - C:\WINDOWS\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico [2005-07-12 17:57:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoNTSecurity"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9F8ATTTXED"=C:\Documents and Settings\All Users\Application Data\unohuxan\mxoxapqz.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoSetFolders"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UiCom"= {4354AA3D-341D-D542-D280-01732E429484} - C:\Program Files\rnzwmhf\UiCom.dll [2008-07-21 22:52 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{986e75ca-aa1e-11db-9e86-000d607d34c8}]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3415130-e8ab-11d9-986c-00028af224a9}]
AutoRun\command- E:\setup.EXE
-- End of Deckard's System Scanner: finished at 2008-07-27 12:29:35 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 510.92 MiB / 120.36 MiB
Pagefile Memory (total/avail): 1248.29 MiB / 850.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.27 MiB
C: is Fixed (NTFS) - 37.25 GiB total, 12.46 GiB free.
D: is CDROM (No Media)
U: is Network (*NT5CSC)
\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AH - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is not configured.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Symantec Client Firewall v7.1.3.1039 (Symantec Corporation)
AV: Symantec AntiVirus Corporate Edition v9.0.3.1000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\uskbxl03\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LUSKBXL03C9KZ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=U:
HOMEPATH=\
HOMESHARE=\\bcusers1\users\USCBXL03\data
LOGONSERVER=\\STCDC002
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Autodesk Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=c:\temp
TMP=c:\temp
USERDNSDOMAIN=us.kellogg.com
USERDOMAIN=US
USERNAME=uskbxl03
USERPROFILE=C:\Documents and Settings\uskbxl03
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
keladmin (admin)
Administrator (admin)
usvjxt30 (admin)
uskbxl03 (admin)
uskdnj02 (admin)
uscrlw08 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 7.0 Standard - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-BA7E-100000000002}
Adobe ConnectNow --> C:\Documents and Settings\uskbxl03\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\acaddin\acaddin.exe -uninstall
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Agere Systems AC'97 Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD LT 2006 - English --> MsiExec.exe /I{5783F2D7-4009-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Aironet Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B34EEAF-2BD6-4323-B7C2-FB8968755ACC}\setup.exe" -l0x9 -removeonly
Cisco Systems VPN Client 4.6.02.0011 --> MsiExec.exe /X{06624881-CF7D-4F8A-86C0-5114B122E776}
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CorporateTime 5.1 --> MsiExec.exe /X{FF1DB6A0-42F1-4074-884F-DAD66A427C58}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
hp deskjet 6122 --> MsiExec.exe /X{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}
hp deskjet 6122 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 6122 series
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\SETUP.EXE" -l0x9 UNINSTALLFROMSYS
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Connections Drivers --> Prounstl.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPassConnect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000025594}\setup.exe"
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Kellogg Cisco WiFi package version 2.6 --> c:\drivers\CiscoWiFi\setup.exe /remove
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lotus Notes --> C:\WINDOWS\IsUninst.exe -fC:\Notes\Uninst.isu
Macromedia Flash Player --> MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Project Standard 2003 --> MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Photron FASTCAM Viewer 2.4 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A9355A3-A652-4F37-85B2-DB753E92DC46} /l1033
ProjectWise Explorer V8 XM Edition --> MsiExec.exe /I{482BA676-5C76-4B1C-98ED-11373B8C7CBD}
QuickTime --> c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RFClient --> MsiExec.exe /I{B4846B86-556B-4F2A-9F42-C0DDE06EDF2D}
SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Shockwave Player --> MsiExec.exe /X{930439A1-B49E-4A54-A499-31BDC1A91DE5}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Symantec Client Security --> MsiExec.exe /I{00CD72B3-E2DF-4DFC-BCC1-5CC4F564518D}
ThinkPad Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559K.INF
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkVantage Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
WinZip --> "c:\program files\winzip9sr1\winzip32.exe" /uninstall
WinZip Command Line Support Add-On 1.1 SR-1 --> C:\Program Files\winzip9sr1\winzip32 /auninstall wzcline
-- Application Event Log -------------------------------------------------------
Event Record #/Type3854 / Error
Event Submitted/Written: 07/27/2008 08:21:22 AM
Event ID/Source: 1085 / Userenv
Event Description:
The Group Policy client-side extension Security failed to execute. Please look for any errors reported earlier by that extension.
Event Record #/Type3853 / Warning
Event Submitted/Written: 07/27/2008 08:21:22 AM
Event ID/Source: 1202 / SceCli
Event Description:
Security policies were propagated with warning.
0x4b8 : An extended error has occurred.
For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202's".
Event Record #/Type3851 / Error
Event Submitted/Written: 07/27/2008 05:32:52 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for US\uskbxl03 failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type3850 / Error
Event Submitted/Written: 07/27/2008 05:32:07 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type3849 / Error
Event Submitted/Written: 07/26/2008 10:01:40 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Packed.Generic.174 in File: C:\WINDOWS\system32\fmfmhqzy.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type8694 / Warning
Event Submitted/Written: 07/27/2008 08:32:24 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet 8150 PCL 5e for Windows NT x86 Version-3 was added or updated. Files:- HPBF031G.DLL, HPBF031E.DLL, HPBF031I.PMD, HPBF031E.HLP, HPBFTM32.DLL, HPJCMN2U.DLL, HPPAPTS0.DLL, HPBMINI.DLL, HPBCFGRE.DLL, HPLJ8150.CFG, HPCDMC32.DLL, HPBAFD32.DLL, HPBMMON.DLL, HPDOMON.DLL, HPBHEALR.DLL, HPNRA.EXE, HPBOID.EXE, HPBPRO.EXE, HPPAPML0.EXE, HPBNRAC2.DLL, HPBMIAPI.DLL, HPBOIDPS.DLL, HPBPROPS.DLL, HPJIPX1U.DLL, HPPASNM0.DLL, HPPAPML0.DLL, HPBF031G.HPI.
Event Record #/Type8693 / Error
Event Submitted/Written: 07/27/2008 07:48:22 AM
Event ID/Source: 5789 / NETLOGON
Event Description:
Attempt to update DNS Host Name of the computer object
in Active Directory failed. The updated value was 'LUSKBXL03C9KZ'.
The following error occurred:
%%87
Event Record #/Type8653 / Error
Event Submitted/Written: 07/26/2008 09:31:06 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain US due to the following:
%%1311.
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
Event Record #/Type8642 / Error
Event Submitted/Written: 07/26/2008 11:17:51 AM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain US due to the following:
%%1311.
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
Event Record #/Type8641 / Warning
Event Submitted/Written: 07/26/2008 06:31:08 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
-- End of Deckard's System Scanner: finished at 2008-07-27 12:29:35 ------------